Clean up Azure Resource Groups with a Tag

In my environment I use an Azure Automation Runbook that every evening is cleaning up my environment based on a Tag. When the tag “RemoveResourceGroup” is set to “Yes” on a Resource Group I will delete it and everything in that group.

If you want to try my Runbook you can download the script and run it on your local client or in Azure Automation. I have tested the script with PowerShell module AzureRM.Resources version 6.7.3. If you need to upgrade the module in Azure Automation, to a newer version, just do a new import of the module from the gallery.

The script can be downloaded from GitHub.

<#
    .DESCRIPTION
        Removes Resource Groups that have a tag "RemoveResourceGroup" set to "Yes"
        
        Script can be used in both Azure Automation and direct from PowerShell prompt
        The script have been tested in Azure Automation with module AzureRM.Resources version 6.7.3

    .NOTES
        Author: Jonathan Andersson
        Last Updated: 12/09/2019

    .PARAMETER TagResourceGroupName
        Tag name

    .PARAMETER TagValue
        Tag value

    .PARAMETER AzureAutomation
        If script sould be run in Azure Automation

    .PARAMETER ConnectionName
        A<ure Automation RunAs Connection to Azure

    .EXAMPLE
        RemoveResourceGroupAutomation -TagResourceGroupName "RGName" -TagValue "Yes" -AzureAutomation $false
#>

[CmdletBinding()]
param (
    [Parameter()]
    [string]
    $TagResourceGroupName = "RemoveResourceGroup",
    
    [Parameter()]
    [string]
    $TagValue = "Yes",      

    [Parameter()]
    [bool]
    $AzureAutomation = $true,

    [Parameter()]
    [string]
    $ConnectionName = "AzureRunAsConnection"
)

# Create a Tag object
[object] $Tag = @{}

try {
    if ($AzureAutomation) {
        # Get the connection "AzureRunAsConnection "
        $servicePrincipalConnection = Get-AutomationConnection -Name $ConnectionName         

        # Logging in to Azure
        Add-AzureRmAccount `
            -ServicePrincipal `
            -TenantId $servicePrincipalConnection.TenantId `
            -ApplicationId $servicePrincipalConnection.ApplicationId `
            -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint | Out-Null
    }
    $Tag.Add($TagResourceGroupName, $TagValue)
    Write-Output "Using TagResourceGroupName: $TagResourceGroupName and TagValue: $TagValue"

    $ResourceGroups = Get-AzureRmResourceGroup -Tag $Tag

    foreach ($ResourceGroup in $ResourceGroups) {
        Remove-AzureRmResourceGroup -Name $ResourceGroup.ResourceGroupName -Force | Out-Null
        Write-Output "Removed Resource Group: " $ResourceGroup.ResourceGroupName
    }
} 
catch {
	if (!$servicePrincipalConnection)
	{
		$ErrorMessage = "Connection $ConnectionName not found."
		throw $ErrorMessage
    } 
    else{
		Write-Error -Message $_.Exception
		throw $_.Exception
	}
}

Send Email when Azure Site Recovery is done or manual step is needed

This post is about sending an email when a Azure Site Recovery (ASR) failover is done or before a manual step in the ASR failover plan. In the example I have used an Azure Automation runbook in the ASR plan to send an email through the service SendGrid. SendGrid can off course be changed to another solution but in my case, I find it easy to use.

If you want to try it, start by creating a SendGrid account in Azure.

Make a note of the username and your password, you will need it later.

Create or import an Azure Automation Runbook that will send the email. This is the Runbook I used: SendEmail Runbook. Read the information in the description of the Runbook to get it working.

In the example Runbook above, an Azure Automation credential is needed. This is how it should look like. Add the username and password from the SendGrid account.

Edit the variables in the Runbook script and publish it.

Go to the Recovery Services vault and add the Runbook to the ASR plan.

Clone VMs after ASR Test Failover

If you want to clone a production environment on-prem to Azure and then, for example, test an upgrade or do new development on those servers, here is one way to do it.

My solution is using Azure Site Recovery (ASR) and a PowerShell script. It does not have any impact on the on-prem environment because I am using Test Failover in ASR which is starting the servers on a separate VNet in Azure which is not having any connectivity back on-prem. The Test Failover feature in ASR will make a clone of the on-prem servers in Azure and will not shut them down.

In ASR, as of today, you can only do one Test Failover at the time. This means that if you have done one Test Failover you cannot do another one while the first one is running. Because of this I am using a script in ASR to clone the Test Failover VMs so you can do more than one environment for testing.

Here is how I did it!

1.       First step is to install and configure ASR to replicate the servers that is going to be cloned https://docs.microsoft.com/en-us/azure/site-recovery. When that is done, control that the servers are using Managed Disks. It they are not, change so they do.

2.       Next step is to create an Azure Automation Account and a Runbook for cloning the servers. Here is the script I use: My GitHub. If you are using my script, change the variables to fit your needs.

If you have issues with the script, update the Azure Automation Account modules and import the modules that are needed. Here is a screenshot of the modules I have tested the script with.

3.       When the servers have been replicated with ASR, create an ASR Recovery Plan and add the servers to a Group. Add the earlier created Runbook from Azure Automation as a Recovery Plan post step on the Group with the servers.

When this is done, do a Test Failover to test you Recovery Plan and clone of the servers.

Clone VMs in an Azure Resource Group

There are many ways to clone VMs from one Azure Resource Group to another. Here is one example that are using Azure Snapshots. The VMs, to clone, has to belong to the same Azure Region as where the copy should be created and has to use managed disks.

https://github.com/ajonathan/powershell/blob/master/AzureResourceGroupVMsCopy.ps1

To get going with the script, download or copy it from my GitHub account. It works perfect in Azure Cloud Shell for PowerShell  as well as in a Azure Automation Runbook. Just remember to upgrade the modules before running it.

Here is a screenshot from a ready clone from Resource Group myvms-rg.

 

Install and configure an Apache web server on Linux with DSC and Azure Automation

This post will describe how to install an apache server, check that the apache service is running and configure the default web page with Desired State Configuration and Azure Automation. After deployed, I will show how to monitor that the configuration is not drifting with DSC in Azure Automation. This DSC service with Azure Automation works both for servers in the on-prem datacenter or at a public cloud provider.

The blog post will also show how to create an easy DSC Configuration file, add it so DSC in Azure Automation, and deploy it to a Linux computer. I will not show how to create an Azure Automation account or deploy the DSC agent. If you need help to deploy DSC on Linux, please see my blog post “Easy installation and registration script for OMS and DSC on Linux” where I install OMI, DSC and the OMS agent.

Get started

To get started we have to create a DSC Configuration file. Below is anexample that will deploy an Apache web server, check that Apache is running and that the web page looks like it should. To test this configuration save the below configuration in a file named DSCLinux01.ps1. This configuration uses the Apt package installer in Linux and is tested on Debian and Ubuntu.

Configuration DSCLinux01
{
    Import-DSCResource -Module nx
    
    Node "apache2"
    {
        nxPackage apache2Install
        {
            Name = "apache2"
            Ensure = "Present"
            PackageManager = "Apt"
        }

        nxService apache2Service
        {
            Name = "apache2"
            Controller = "init"
            Enabled = $true
            State = "Running"
        }    

        nxFile apache2File
        {
            Ensure = "Present"
            Type = "File"
            DestinationPath = "/var/www/index.html"
            Contents = '<!DOCTYPE html>
<html>
<head>
<title>My DSC Linux Apache Test Page</title>
</head>
<body bgcolor="#00c87c">
<h3 style="color:blue">This Apache server and webpage is installed and configured by DSC on Linux</h3>
</body>
</html>'
        }
    }
}

When the configuration file is created go to the Azure Automation account and click DSC Configurations.

Install and configure an Apache web server on Linux with DSC and Azure Automation1

After entered the DSC Configuration click “Add a configuration file” and upload the file DSCLinux01.ps1.

Install and configure an Apache web server on Linux with DSC and Azure Automation2

 

Click on the “DSCLinux01” and then “Compile”. When the status is “Completed” it is time to deploy the configuration to a Linux computer.

Install and configure an Apache web server on Linux with DSC and Azure Automation3

Before the configuration can be deploy the DSC Configuration DSC needs to be installed on the Linux server that is going to use the configuration. See my blog post “Easy installation and registration script for OMS and DSC on Linux” where I install OMI, DSC and the OMS if you need help with this.

When DSC is installed and registered the server shows up under DSC Nodes. Click DSC Nodes and the server to deploy DSC configurations to.

Install and configure an Apache web server on Linux with DSC and Azure Automation4

Click Assign Node Configuration to be able to select the configuration you wish to use.

Install and configure an Apache web server on Linux with DSC and Azure Automation5

Select “DSCLinux01.apache2”.

Install and configure an Apache web server on Linux with DSC and Azure Automation6

Check that the configuration was selected in the “Node Configuration” section.

Install and configure an Apache web server on Linux with DSC and Azure Automation7

Now it is just to wait for the configuration to be added to the server. In the picture below one can see that the configuration has been added and checked that the server is compliant with the configuration file.

Install and configure an Apache web server on Linux with DSC and Azure Automation8

To check the end result, enter the IP or DNS for the server in a web browser to check if one can see the webpage. The result should look like this.

Install and configure an Apache web server on Linux with DSC and Azure Automation10

Let’s also make a quick check on the server to see the apache is installed and the service is started.

Install and configure an Apache web server on Linux with DSC and Azure Automation11